authorMartin Schwidefsky <schwidefsky@de.ibm.com>2006-11-05 08:03:01 +0100
committerAdrian Bunk <bunk@stusta.de>2006-11-05 08:03:01 +0100
commite77b34960d3e48f4e5d4aa2cdb737f618d3834b7 (patch)
treeaaf918c91b1b2ce526bedd313d37ed2951f980c9
parentdfa2e9e76edadc584a0da6966aa081527dad1372 (diff)
[S390] fix user readable uninitialised kernel memory, take 2.
The previous patch to correct the copy_from_user padding is quite broken. The execute instruction needs to be done via the register %r4, not via %r2 and 31 bit doesn't know the instructions lgr and ahji. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Adrian Bunk <bunk@stusta.de>
-rw-r--r--arch/s390/lib/uaccess.S10
-rw-r--r--arch/s390/lib/uaccess64.S2
2 files changed, 6 insertions, 6 deletions
diff --git a/arch/s390/lib/uaccess.S b/arch/s390/lib/uaccess.S
index d4c218c2b657..0028a5461ca7 100644
--- a/arch/s390/lib/uaccess.S
+++ b/arch/s390/lib/uaccess.S
@@ -41,15 +41,15 @@ __copy_from_user_asm:
5: mvcp 0(%r5,%r2),0(%r4),%r0
slr %r3,%r5
alr %r2,%r5
-6: lgr %r5,%r3 # copy remaining size
+6: lr %r5,%r3 # copy remaining size
ahi %r5,-1 # subtract 1 for xc loop
bras %r4,8f
- xc 0(1,%2),0(%2)
-7: xc 0(256,%2),0(%2)
+ xc 0(1,%r2),0(%r2)
+7: xc 0(256,%r2),0(%r2)
la %r2,256(%r2)
-8: ahji %r5,-256
+8: ahi %r5,-256
jnm 7b
- ex %r5,0(%r2)
+ ex %r5,0(%r4)
9: lr %r2,%r3
br %r14
.section __ex_table,"a"
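Review bot: The padding sequence after label 6 depends on two things that no comment states, and the first is exactly what the previous patch got wrong: `bras %r4,8f` loads %r4 with the address of the one-byte `xc` template, so the final `ex` has to go through %r4. I would add `# %r4 = address of xc template` on the `bras` line and `# clear the last (%r5 & 0xff) + 1 bytes` on the `ex %r5,0(%r4)` line, here and at the matching `ex` in the uaccess64.S hunk. The sequence also appears to assume %r3 is non-zero at label 6: with %r3 == 0 the low byte of %r5 would be 0xff and the executed `xc` would zero 256 bytes past the destination, so a one-line note of that invariant next to `lr %r5,%r3` would help. The paths that reach labels 6 and 9 and the __ex_table entries lie outside the hunk, so the invariant could not be checked from here.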
diff --git a/arch/s390/lib/uaccess64.S b/arch/s390/lib/uaccess64.S
index 9811e8a2fc8b..7fbe36311cd5 100644
--- a/arch/s390/lib/uaccess64.S
+++ b/arch/s390/lib/uaccess64.S
@@ -49,7 +49,7 @@ __copy_from_user_asm:
la %r2,256(%r2)
8: aghi %r5,-256
jnm 7b
- ex %r5,0(%r2)
+ ex %r5,0(%r4)
9: lgr %r2,%r3
br %r14
.section __ex_table,"a"